8 Ways Leading CISOs Have Created High Performing Security Teams Part 2 of 8
Tim Howard
Fortify Experts held a series of CISO round tables, which included over 20 industry-leading security leaders, designed to uncover how they have created high-performing security teams. This is the first installment of an 8-part series that will cover seven of the top common suggestions on how to Create High Performing Security Teams.
Pro Tip: 2. Make it Personal
With over 90% of cyber attacks still coming in through employees’ devices, successful security leaders often discuss how creating a security-focused corporate culture can be more impactful than developing the most complete strategy, deploying the latest sophisticated AI technology, or even having the highest performing security team.
Security strategies often fail when the business culture does not support them or see their intrinsic value. However, by creating an army of cyber-vigilant employees who are deputized to help the security team perform, the program as a whole will be more effective.
Culture Trumps Strategy Every Time.
Start at home. One method of creating an effective business-focused security culture is to make it personal. First, raise personal awareness of the dangers and risks of not being digitally safe at home. Then, teach the employees how to protect themselves and their families at home. Since work is now at home for many people, raising personal safety awareness at home will more naturally raise employees’ safety awareness at work.
Personal Security Assessments. More firms are now requiring employees to complete safety awareness training before they are allowed to work from home. One such free tool is the www.s2me.com security assessment which walks individuals through the risks associated with connected devices such as routers, mobile devices, connected TVs and appliances, etc. It also gauges employees’ current security practices such as password use and storage, backups, and data recovery capabilities.
This assessment helps them evaluate how secure their personal practices are, how secure their network is, how it could be compromised, and where vulnerabilities may be introduced into their systems. The assessment provides an objective score and recommendations on how to improve their security score. In addition, the S2 tool monitors the user’s email for them and will notify them when it shows up in possible breach reports.
S2 also has a free team version called S2Team which allows companies to send out these assessments to employees and then anonymously aggregate results back to the security team to help them understand where security training is needed the most.
Some employers are also providing employees with tools such as password managers like LastPass so they can more securely manage their personal and business passwords.
Take it to the Office. ExxonMobil went as far as creating internal infomercials showing a character called “One Click,” which took a humorous approach to show how one wrong click could take down the whole company and bring the wrath of his co-workers down upon him.
Provide a carrot and a stick. Many firms have deployed email phishing training tools such as PhishMe (Cofense.com) or KnowBe4.com, which is more of an entire security training platform. Companies can provide a carrot to employees by rewarding them for reporting phishing attacks, or for not being fooled by them. Conversely, for employees who are not diligent and careful, the company can provide additional training or even disciplinary actions including termination if the employees continue to be digitally careless.
Create Security Evangelists. Some security leaders engaged business users and taught them how to test for vulnerabilities within their own systems. This raised their security awareness level and helped them become security evangelists within their business units.
Engaging all employees to protect their own personal digital assets will translate to protecting the company’s digital assets. Building a security culture mindset of “See something, say something” helps the business users become part of the solution and not part of the problem.
For the rest of the Tips go to: 8 Ways CISOS Create Higher Performing Security Teams
NEXT: Pro Tip 3: Teach the Team How to Fail Forward
About Tim Howard
Tim Howard is the founder of 4 technology firms including Fortify Experts which helps companies hire the Best Cyber Talent on the Planet as well as provides expert consulting and NIST-based security assessments.
In addition, he has a passion for helping CISOs develop Higher Performing Teams through coaching, by creating interactive CISO Forums, and by helping them create highly-effective team cultures.
With each new hire, his firm produces an Employee Operating Manual to help clients understand how to motivate and maximize productivity while meeting the needs of each employee.
He also teamed up with Lyndrel Downs to launch Cybersecurity DIVAS to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the industry.
Tim is married with 3 kids. He is an avid runner and has completed two IRONMAN Texas events. He is also a graduate of Texas A&M University.
Invite Tim to connect: www.dhirubhai.net/in/timhoward